diff -Nru netsed-1.00b/debian/changelog netsed-1.00b/debian/changelog --- netsed-1.00b/debian/changelog 2011-06-11 08:29:00.000000000 +0000 +++ netsed-1.00b/debian/changelog 2011-08-24 18:56:14.000000000 +0000 @@ -1,3 +1,15 @@ +netsed (1.00b-2) unstable; urgency=low + + * debian/control: Improve description. + * debian/rules: Remove my email address. + * debian/NEWS: New file. + * debian/netsed.1: Update manpage to give present capabilities. + * debian/patches/: + + 03-traditional_rule.diff: Less strict rule spelling. + + 04-check_dual_stack.diff: Avoid unintended dual family stack. + + -- Mats Erik Andersson Wed, 24 Aug 2011 20:54:28 +0200 + netsed (1.00b-1) unstable; urgency=low [Arno Töll] diff -Nru netsed-1.00b/debian/control netsed-1.00b/debian/control --- netsed-1.00b/debian/control 2011-06-11 08:27:53.000000000 +0000 +++ netsed-1.00b/debian/control 2011-08-24 18:56:14.000000000 +0000 @@ -25,7 +25,7 @@ * fuzz generating experiments, integrity tests - whenever you do stability tests of an application to see how it cares for data integrity; - * other common applications: deceptive transfers, content filtering, - protocol conversion - whichever best fits your task at hand. + * other common use-cases: deceptive transfers, content filtering, + protocol conversion - whatever best fits your task at hand. . It ideally complements a tool suite based on ngrep, netcat, and tcpdump. diff -Nru netsed-1.00b/debian/netsed.1 netsed-1.00b/debian/netsed.1 --- netsed-1.00b/debian/netsed.1 2011-06-10 05:18:29.000000000 +0000 +++ netsed-1.00b/debian/netsed.1 2011-08-24 18:56:14.000000000 +0000 
@@ -1,76 +1,130 @@ -.TH NETSED 1 "June 23, 2001" NETSED -.SH NAME -netsed \- network packet stream editor -.SH SYNOPSIS -.B netsed -.I proto lport rhost rport rule1 -.RI [ rule2 ] " " ... -.SH DESCRIPTION -NetSED is small and handful utility designed to alter the contents of -packets forwarded thru your network in real time. It is really useful -for network hackers in following applications: -.TP -.B black\-box protocol auditing -whenever there are two or more propertiary boxes communicating over -undocumented protocol (by enforcing changes in ongoing transmissions, -you will be able to test if tested application is secure) -.TP -.B fuzz\-alike experiments, integrity tests -whenever you want to test stability of the application and see how it -ensures data integrity, -.TP -.B other common applications -fooling other people, content filtering, etc etc \- choose whatever -you want to. -.LP -It perfectly fits netgrep, netcat and tcpdump tools suite :P -.SH OPTIONS -.TP -.B proto -protocol specification (tcp or udp) -.TP -.B lport -local port to listen on (see README for transparent traffic intercepting -on some systems) -.TP -.B rhost -where connection should be forwarded (0 = use destination address of -incoming connection, see README) -.TP -.B rport -destination port (0 = dst port of incoming connection) -.TP -.B rule\fIN\fR -replacement rules (see below) -.LP -General replacement rules syntax: s/\fBpat1\fR/\fBpat2\fR\fI[/expire]\fR +'\" t +.\" Title: netsed +.\" Author: Mats Erik Andersson +.\" Generator: DocBook XSL Stylesheets v1.75.2 +.\" Date: June 19th, 2011 +.\" Manual: NetSED +.\" Source: NetSED 1.00b +.\" Language: English +.\" +.TH "NETSED" "1" "June 19th, 2011" "NetSED 1\&.00b" "NetSED" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" 
http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +netsed \- a network stream editor\&. +.SH "SYNOPSIS" +.HP \w'\fBnetsed\fR\ 'u +\fBnetsed\fR {\fIproto\fR} {\fIlport\fR} {\fIrhost\fR} {\fIrport\fR} {\fIrule\fR} [\fIrule\fR\ \&.\&.\&.] +.SH "DESCRIPTION" +.PP -This will replace all occurences of \fBpat1\fR with \fBpat2\fR in matching -packets. Additional parameter (count) can be used to expire rule after 'count' -successful substitutions. Eight\-bit characters, including NULL and '/', can -be passed using HTTP\-alike hex escape sequences (eg. %0a%0d). Single '%' -can be reached by using '%%'. Examples: -.TP -.B 's/andrew/mike/1' -replace 'andrew' with 'mike' (once) -.TP -.B 's/andrew/mike' -replace all occurences of 'andrew' with 'mike' -.TP -.B 's/andrew/mike%00' -replace 'andrew' with 'mike\\x00\\x00' (to keep orig. size) -.TP -.B 's/%%/%2f/20' -replace '%' with '/' in first 20 packets -.LP -Rules are not working on cross\-packet boundaries and are evaluated from -first to last not expired rule. -.SH SEE ALSO -.BR ngrep (8), -.BR nc (1), - -.BR /usr/share/doc/netsed/README.gz -.SH AUTHOR -\fBnetsed\fR was written by Michal Zalewski . - -This manual page was written by Gergely Nagy . +\fBnetsed\fR +is a small and handy utility to alter, in real time, the contents of packets forwarded in a network stream, or in a datagram connection\&. 
When called with a set of replacement rules, these rules are tested for applicability to each packet entering in either direction\&. +.SH "ARGUMENTS" +.PP +\fIproto\fR +.RS 4 +Determines the protocol for the desired connection: "tcp", "TCP", "udp", or "UDP"\&. +.RE +.PP +\fIlport\fR +.RS 4 +The local listening port for the connection\&. A service name, or a numerical port value, is acceptable\&. +.RE +.PP +\fIrhost\fR +.RS 4 +The remote host with whom the connection is desired\&. Resolvable host names and IPv4/IPv6 addresses are equally usable\&. +.sp +As a special case, assigning "0" to +\fIrhost\fR +will insert the kernel\*(Aqs knowledge of the targeted host address, in a situation where a netfilter rule is redirecting traffic\&. This happens when running a transparent proxy service\&. +.RE +.PP +\fIrport\fR +.RS 4 +The remote port to connect to\&. A service name, or a numerical port value, is acceptable\&. +.sp +Also here a value "0" will be acceptable to arrange a transparent proxy service, as the kernel\*(Aqs tracking will provide the intended remote port number\&. +.RE +.PP +\fIrule\fR +.RS 4 +At least one replacement rule is mandatory\&. The general syntax for this is: +.sp +.if n \{\ +.RS 4 +.\} +.nf +s/pat1/pat2[/num] +.fi +.if n \{\ +.RE +.\} +.sp +The effect is to replace the text that matches +\fIpat1\fR +with the expansion of +\fIpat2\fR\&. The optional parameter +\fInum\fR +is a numerical value limiting the maximal number of times the rule can be applied\&. One could say that the rule +\fIexpires\fR +after +\fInum\fR +occurrences\&. +.sp +The rules are applied in succession to all passing packets, flowing in either direction\&. As soon as a rule has been expired, it is removed from the collection of active rules for the current connection\&. Observe that any counter is started as the connection is initiated, running as long as the connection is alive\&. 
+.sp +This holds directly for TCP connections, whereas for UDP a connection is considered to consist of incoming data on fixed address and fixed port together with any response from a remote server\&. When no datagrams have been transmitted for a period of 30 seconds, the UPD connection is seen as closed\&. +.sp +A single rule is limited to act on individual packets; a pattern can not match across packet boundaries\&. +.sp +Using HTTP\-like escape sequences for hexadecimal values, all eight\-bit characters are viable in the patterns\&. Thus the standard character pair CRNL would code as "%0a%0d"\&. In a pattern, the percentage sign itself must be escaped by duplication\&. Thus a string "%%" is interpreted in a pattern as a literal percentage sign\&. +.RE +.SH "EXAMPLES" +.PP +A handful replacement rules are handy as examples\&. +.PP +s/andrew/mike +.RS 4 +Replace every occurrence of the string "andrew" with "mike", in every passing packet\&. +.RE +.PP +s/andrew/mike/1 +.RS 4 +Replace only the first occurrence of the string "andrew" for "mike" in each packet\&. Any repetition is unaltered, unless a further rule specifies some replacement\&. +.RE +.PP +s/andrew/mike%00%00 +.RS 4 +Replace in each packet every occurrence of the string "andrew" with "mike\ex00\ex00" \&. The padding with two null bytes ensures an unaltered packet length, which might be essential at times\&. +.RE +.PP +s/%%/%2f/20 +.RS 4 +Replace the first twenty occurrences of the percentage character \*(Aq%\*(Aq with slashes \*(Aq/\*(Aq\&. +.RE +.SH "AUTHOR" +.PP +This text was initially compiled by Mats Erik Andersson as a Docbook source from the usage printout\&. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Public License, version 2, or of a later version\&. 
+.SH "COPYRIGHT" +.br +Copyright \(co 2010 Mats Erik Andersson +.br diff -Nru netsed-1.00b/debian/NEWS netsed-1.00b/debian/NEWS --- netsed-1.00b/debian/NEWS 1970-01-01 00:00:00.000000000 +0000 +++ netsed-1.00b/debian/NEWS 2011-08-24 18:56:14.000000000 +0000 @@ -0,0 +1,18 @@ +netsed (1.00b-2) unstable; urgency=low + + An updated manual page has been generated directly + from my own Docbook source. + + -- Mats Erik Andersson Wed, 22 Jun 2011 20:20:19 +0200 + +netsed (1.00b-1) unstable; urgency=low + + This package is now based on the efforts of a new + upstream author, having forked the stale original, + and having continued the development from that point. + + This makes the shipped manual page outdated, since I + myself am aiding upstream in writing the new documenta- + tion. It will enter only with the next upstream release. + + -- Mats Erik Andersson Sat, 11 Jun 2011 02:26:38 +0200 diff -Nru netsed-1.00b/debian/patches/03-traditional_rule.diff netsed-1.00b/debian/patches/03-traditional_rule.diff --- netsed-1.00b/debian/patches/03-traditional_rule.diff 1970-01-01 00:00:00.000000000 +0000 +++ netsed-1.00b/debian/patches/03-traditional_rule.diff 2011-08-24 18:56:14.000000000 +0000 
@@ -0,0 +1,24 @@ +Description: Allow traditionally delimited rules. + A rule of unlimited validity must be ot the form + `s/this/that', without a final delimiting dash. + This will confuse traditionalists like myself, + expecting 's/this/that/' to deliver the same effect. + . + Thus make a final dash optional, like common sed-syntax. +Author: Mats Erik Andersson +Forwarded: yes +Last-Update: 2011-07-19 + +diff -Naur netsed-1.00b.debian/netsed.c netsed-1.00b/netsed.c +--- netsed-1.00b.debian/netsed.c ++++ netsed-1.00b/netsed.c +@@ -564,7 +564,8 @@ + if (cs) { *cs=0; cs++; } + rule[rules].forig=fs; + rule[rules].torig=ts; +- if (cs) rule_live[rules]=atoi(cs); else rule_live[rules]=-1; ++ if (cs && *cs) /* Only non-trivial quantifiers count. */ ++ rule_live[rules]=atoi(cs); else rule_live[rules]=-1; + shrink_to_binary(&rule[rules]); + // printf("DEBUG: (%s) (%s)\n",rule[rules].from,rule[rules].to); + rules++; diff -Nru netsed-1.00b/debian/patches/04-check_dual_stack.diff netsed-1.00b/debian/patches/04-check_dual_stack.diff --- netsed-1.00b/debian/patches/04-check_dual_stack.diff 1970-01-01 00:00:00.000000000 +0000 +++ netsed-1.00b/debian/patches/04-check_dual_stack.diff 2011-08-24 18:56:14.000000000 +0000 
@@ -0,0 +1,26 @@ +Description: Regulate dual-stacking of listener. + When the remote host is targeted using IPv6, and + 'net.ipv6.bindv6only=0' holds, then the local + listening socket will accept both address families. + As this intrudes on the available socket name space, + an additional test can be used to reset the IPv6 + socket to be single stacked. +Author: Mats Erik Andersson +Forwarded: yes +Last-Updated: 2011-07-20 + +diff -Naur netsed-1.00b.debian/netsed.c netsed-1.00b/netsed.c +--- netsed-1.00b.debian/netsed.c ++++ netsed-1.00b/netsed.c +@@ -395,6 +395,11 @@ + continue; + setsockopt(lsock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); + //fcntl(lsock,F_SETFL,O_NONBLOCK); ++ /* Make our best to decide on dual-stacked listener. */ ++ one = (af == 0) ? 0 /* AF_UNSPEC given */ : 1; /* Preconditioned addr */ ++ if (res->ai_family == AF_INET6) ++ if (setsockopt(lsock, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof(one))) ++ printf(" Failed to unset IPV6_V6ONLY: %s.\n", strerror(errno)); + if (bind(lsock, res->ai_addr, res->ai_addrlen) < 0) { + ERR("bind(): %s", strerror(errno)); + close(lsock); diff -Nru netsed-1.00b/debian/patches/series netsed-1.00b/debian/patches/series --- netsed-1.00b/debian/patches/series 2011-06-10 05:18:29.000000000 +0000 +++ netsed-1.00b/debian/patches/series 2011-08-24 18:56:14.000000000 +0000 @@ -1,2 +1,4 @@ 01-cflag_inclusion.diff 02-ftbfs_kfreebsd.diff +03-traditional_rule.diff +04-check_dual_stack.diff diff -Nru netsed-1.00b/debian/rules netsed-1.00b/debian/rules --- netsed-1.00b/debian/rules 2011-06-10 05:18:29.000000000 +0000 +++ netsed-1.00b/debian/rules 2011-08-24 18:56:14.000000000 +0000 
@@ -1,9 +1,9 @@ #!/usr/bin/make -f # -*- makefile -*- -# debian/rules for netsed by Mats Erik Andersson and -# Arno Töll -# Written from scratch to adapt for debhelper 8 +# debian/rules for netsed by Mats Erik Andersson and +# Arno Töll . +# Written from scratch and adapted to debhelper 8. # Uncomment this to turn on verbose mode. # export DH_VERBOSE=1
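Review bot: in debian/netsed.1, the escape example under the rule argument has the byte order reversed: "%0a%0d" is LF followed by CR, so the CR-then-NL pair that the sentence describes should read "%0d%0a". In the same hunk, "the UPD connection" should be "UDP" and "A handful replacement rules" needs "of". The s/andrew/mike/1 example says the limit applies "in each packet", while the rule description above it says the counter runs for as long as the connection is alive; one of the two should be corrected. The rewrite also drops the SEE ALSO section and the credit to the original author that the removed page carried; consider keeping both.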
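Review bot: in the new debian/NEWS, the 1.00b-1 entry splits a word across two lines ("documenta-" and "tion"); rewrap the paragraph so the word stays whole. The 1.00b-2 entry is dated 22 Jun 2011 while the changelog entry for the same version is dated 24 Aug 2011, so aligning the two would avoid confusion.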
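Review bot: in the netsed.c change carried by 03-traditional_rule.diff, the new test "if (cs && *cs)" filters only the empty quantifier; a non-numeric one such as s/this/that/x still reaches atoi(), which returns 0 without reporting an error. Parsing with strtol() and rejecting the rule when the end pointer does not land on the terminating NUL would make the accepted syntax explicit. In the Description, "ot the form" should be "of the form", and the delimiter in question is a slash rather than a dash.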
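Review bot: in the netsed.c change carried by 04-check_dual_stack.diff, the failure message reads "Failed to unset IPV6_V6ONLY" although "one" is 1 whenever af is non-zero, in which case the call sets the option; word the message for both cases and report it through ERR() like the bind() failure just below, rather than printf(). The hunk also overwrites "one" right after it served as the SO_REUSEADDR value, so a dedicated variable (for example v6only) would keep any later user of "one" from seeing 0. The header field is spelled "Last-Updated" here but "Last-Update" in 03-traditional_rule.diff; use the latter in both.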